On Mon, Nov 25, 2002 at 12:19:08PM +0000, Sam Vilain wrote:
> On Saturday 23 November 2002 14:32, Herbert Poetzl wrote:
> > CAP_SYS_ADMIN is currently sufficient for complete
> > quota control, CAP_QUOTACTL enables root in a virtual
> > server to maintain the user quotas.
>
> How did you get around allowing the virtual server that is running the
> commands access to the disk device that the partition resides on?
>
> It's undesirable to allow root on a vserver to be able to open a block device
> directly (amplus nucleus violatus), which must be provided for some of the
> ioctl() commands required by quota commands.

quotactl() commands, not ioctls, and I use the vroot
proxy device described on my pages ...

http://www.13thfloor.at/VServer/HowTo_LVMQS.shtml

best,
Herbert

> The only sensible work-around involves userland passing of quota admin
> operations from one context to another, eg via an ssh forced command.
>
> Sam.
